The proliferation of digital information has allowed vast amounts of data to be shared very easily from almost anywhere in the world. Connecting online with a computer allows a user to access almost unlimited amounts of information. This dissemination of data is often extremely useful, but at times can also pose problems. The fact that data can be so easily passed from place to place when desired also allows the data to pass from place to place even when not desired. Thus, a great deal of effort has been placed on curtailing the flow of data, permitting only desired data to be released and retaining private information. One way of controlling the information is to actually make the data harder to disseminate. Disconnecting a computer's physical connections, transferring data only via a separate media device, and encrypting information are a few of the ways to limit the flow of information. These techniques actually reverse the one benefit of having digital information—the ease of dissemination.
Often, a user would like to allow only certain users to access particular information. With the aforementioned techniques, this would require a significant amount of effort, time, and cost. For instance, if the user were disconnecting their computer to protect their data, they would have to coordinate with the other user for a specific time that a connection is to be made to allow access to the information. Encryption, as an access control, has similar deficiencies, namely requiring another user to previously obtain a cryptographic key in order to decode the information. This technique also requires that the information be encoded, increasing effort on both sides. In both of these examples, a user essentially is opening up access to information to a user in an all or nothing approach. To actually control when and how a user accesses the data, further effort is required beyond that described. In the first instance, if the other user is an unknown user, the user with the information must spend time to determine if the unknown user should actually be allowed to access the information, even before a connection is made. In the second instance, if the other user already has a decryption key, the data can be accessed at any time, possibly not what the information user had intended. It is very common for users to constantly change their minds concerning when and what data should be made accessible and to whom.
The above techniques place an extreme burden on a user to protect their data. Frequently, users become frustrated by the costs and either open access to all other users or completely shut down access to anyone. If the information is of a personal nature on a home computer, this latter method might be acceptable to a user. However, if the user is an employee in a business environment, closing access to everyone is not acceptable. Thus, deliberating about the control of information is essential in effective collaboration with others in business, as well as in the arts, education, government, family communication, and many other realms of social discourse. As a business example, a bank must transfer data such as payments and loan information to other facilities, but it must also protect the privacy of its clients and not inadvertently release data regarding a customer's personal information such as telephone numbers, addresses, and bank account balances. Employees must often share information within a computing system that must be protected from outside businesses that might need only occasional access. Even among employees, some may be required to have certain information while other employees might be restricted from obtaining that data. In more complex situations, the access control might additionally be required to even limit when and/or where the data can be accessed. All of these requirements facilitate to make information access a substantial problem to overcome.
Traditional solutions to access control issues have typically only addressed one or two aspects of the total problem. They have lacked any type of flexibility to address multiple aspects. This resulted in solutions that provided high security but great effort to access or solutions that allowed only predefined levels of access to all users. These types of solutions do not allow for dynamic changes such as changes in access timing, changes in user status, changes based on contents of the information, nor changes that occur due to activities of the information holder. A user might desire to have co-workers who are working on a similar project to have access to information related to that project. However, the user might also want to disallow access to information about costs and projected sales analysis information to all but managers of the project. It is also conceivable that the user might also want to control when the managers receive the information if several different designs for a project were being considered, and the user only wanted to present the optimum budget information.
Likewise, it has become common for users to maintain information that facilitates them on a day-to-day basis with scheduling, tasks, and workloads. This information might be invaluable to tracking an employee's productivity and/or whereabouts. The employee might consider this information extremely private if a meeting was scheduled in place of another's meeting, and the user preferred to attend the second meeting. The user might not want the original meeting host to know why the user is not attending. So, in this example, accessing that information by the original meeting host is unacceptable to the user. However, other attendees of the second meeting might be grateful to obtain the user's information to validate that the user is in fact attending their meeting. Thus, the flexibility of controlling access to information is a highly desirable feature.